PT-2025-53628

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-800MB version 1.0.1.0 Description A command injection issue exists in the TRENDnet TEW-800MB. The issue is located in the NTPSyncWithHost.cgi file, specifically within the sub F934 function. Successful exploitation allows for remo...

CVE-2025-15081

A vulnerability has been found in JD Cloud BE6500 4.4.1.r4308. This issue affects the function sub4780 of the file /jdcapi. Such manipulation of the argument ddnsname leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used...

CVE-2025-15081 JD Cloud BE6500 jdcapi sub_4780 command injection

A vulnerability has been found in JD Cloud BE6500 4.4.1.r4308. This issue affects the function sub4780 of the file /jdcapi. Such manipulation of the argument ddnsname leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used...

PT-2025-53404

Name of the Vulnerable Software and Affected Versions JD Cloud BE6500 version 4.4.1.r4308 Description A command injection issue exists in JD Cloud BE6500 version 4.4.1.r4308. The issue is located in the /jdcapi file and affects the sub 4780 function. Manipulation of the ddns name argument can lea...

CVE-2025-15048

A vulnerability was determined in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/CheckTools of the component HTTP Request Handler. Executing a manipulation of the argument ipaddress can lead to command injection. The attack can be launched remotely. The exploit has bee...

CVE-2019-25243

FaceSentry 6.4.8 has an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php. The root cause is unsanitized inputs in strInIP/strInPort, enabling arbitrary shell commands with root privileges. Affected product: FaceSentry 6.4.8. Impact is described as high. Rem...

PT-2025-53329

Name of the Vulnerable Software and Affected Versions FaceSentry version 6.4.8 Description FaceSentry 6.4.8 has a remote command injection issue in the pingTest.php and tcpPortTest.php scripts. An attacker with authentication can inject and execute arbitrary shell commands with root privileges...

CVE-2025-15048

A vulnerability was determined in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/CheckTools of the component HTTP Request Handler. Executing a manipulation of the argument ipaddress can lead to command injection. The attack can be launched remotely. The exploit has bee...

CVE-2025-15048

A vulnerability was determined in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/CheckTools of the component HTTP Request Handler. Executing a manipulation of the argument ipaddress can lead to command injection. The attack can be launched remotely. The exploit has bee...

PT-2025-52857

Name of the Vulnerable Software and Affected Versions Tenda WH450 version 1.0.0.18 Description A flaw exists in the Tenda WH450 device. This issue affects an unspecified function within the HTTP Request Handler component, specifically related to the file '/goform/CheckTools'. Manipulation of the...

CVE-2023-53963 SOUND4 IMPACT/FIRST/PULSE/Eco v2.x Unauthenticated Remote Command Injection

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can exploit the login.php and index.php scripts by injecting shell commands via the...

CVE-2023-53963

CVE-2023-53963 affects SOUND4 IMPACT/FIRST/PULSE/Eco v2.x and describes an unauthenticated OS command injection via the password parameter in login.php and index.php, enabling remote command execution with web server privileges. Public references document a PoC and multiple exploits (e.g., Exploi...

CVE-2025-14884

A vulnerability was detected in D-Link DIR-605 202WWB03. Affected by this issue is some unknown functionality of the component Firmware Update Service. Performing manipulation results in command injection. The attack can be initiated remotely. The exploit is now public and may be used. This...

CVE-2025-14884

A vulnerability was detected in D-Link DIR-605 202WWB03. Affected by this issue is some unknown functionality of the component Firmware Update Service. Performing manipulation results in command injection. The attack can be initiated remotely. The exploit is now public and may be used. This...

CVE-2025-14884

A vulnerability was detected in D-Link DIR-605 202WWB03. Affected by this issue is some unknown functionality of the component Firmware Update Service. Performing manipulation results in command injection. The attack can be initiated remotely. The exploit is now public and may be used. This...

CVE-2025-14884 D-Link DIR-605 Firmware Update Service command injection

A vulnerability was detected in D-Link DIR-605 202WWB03. Affected by this issue is some unknown functionality of the component Firmware Update Service. Performing manipulation results in command injection. The attack can be initiated remotely. The exploit is now public and may be used. This...

CVE-2023-53881

ReyeeOS 1.204.1614 contains an unencrypted CWMP communication vulnerability that allows attackers to intercept and manipulate device communication through a man-in-the-middle attack. Attackers can create a fake CWMP server to inject and execute arbitrary commands on Ruijie Reyee Cloud devices by...

CVE-2025-14707

A security flaw has been discovered in Shiguangwu sgwbox N3 2.0.25. Affected is an unknown function of the file /usr/sbin/httpeshellserver of the component DOCKER Feature. Performing manipulation of the argument params results in command injection. The attack may be initiated remotely. The exploi...

CVE-2025-14706

A vulnerability was identified in Shiguangwu sgwbox N3 2.0.25. This impacts an unknown function of the file /usr/sbin/httpeshellserver of the component NETREBOOT Interface. Such manipulation leads to command injection. The attack can be launched remotely. The exploit is publicly available and mig...

CVE-2025-14705

A vulnerability was determined in Shiguangwu sgwbox N3 2.0.25. This affects an unknown function of the component SHARESERVER Feature. This manipulation of the argument params causes command injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilize...